Lucene search
K

12 matches found

NVD
NVD
added 2026/06/25 9:16 a.m.11 views

CVE-2026-56130

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

2CVSS0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 8:44 a.m.8 views

EUVD-2026-39229

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only whe...

2CVSS5.9AI score0.00224EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-10588

Malware in sbrugna...

6.5CVSS6.6AI score0.00725EPSS
Exploits0References2
OSV
OSV
added 2022/05/14 1:4 a.m.20 views

GHSA-Q4CQ-R7HG-PXQQ Improper Authentication in Jenkins

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to remain logged in even if that feature is disabled...

5.4CVSS7.1AI score0.00874EPSS
Exploits0References5
OSV
OSV
added 2021/09/15 5:15 p.m.2 views

UBUNTU-CVE-2021-39210

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie when a user uses the "remember me" feature is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue ...

6.5CVSS7.2AI score0.00982EPSS
Exploits0References5
Prion
Prion
added 2020/07/29 6:15 p.m.17 views

Design/Logic Flaw

An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem...

4CVSS6.5AI score0.00725EPSS
Exploits0References1
CVE
CVE
added 2020/07/29 5:30 p.m.54 views

CVE-2019-20032

CVE-2019-20032 affects Aspire-derived NEC PBXes (SV8100, SV9100, SL1100, SL2100). A local attacker who has access to an InMail voicemail box with the find me/follow me feature can reach the system’s administration modem. The case describes no details on the root cause beyond the feature interplay...

6.5CVSS6.4AI score0.00725EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/03/19 12:0 a.m.3 views

Bookme Control Panel Cross-Site Scripting Vulnerability

Bookme Control Panel is an online booking plugin for use in WordPress. A cross-site scripting vulnerability exists in the Customers 'Book Me' feature in version 2.0 of Bookme Control Panel, which stems from the program failing to filter user-submitted input. A remote attacker can exploit this...

5.4CVSS6.4AI score0.00545EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2017/08/30 5:43 p.m.51 views

Intel Confirms Its Much-Loathed ME Feature Has A Kill Switch

Researchers at Positive Technologies forced Intel’s hand at revealing that a previously undocumented kill switch exists for its oft-criticized Intel Management Engine, a remote management component of Intel CPUs. Initially, Positive Technologies set out to disable the feature that some security...

10CVSS0.92189EPSS
Exploits7References7
OSV
OSV
added 2016/06/07 2:6 p.m.11 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS9.8AI score0.93143EPSS
Exploits9References8
ATTACKERKB
ATTACKERKB
added 2016/06/07 12:0 a.m.168 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the “remember me” feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. Recent assessments: sv3nbeast at April 17, 2020 12:15pm UTC reported: ...

9.8CVSS9.2AI score0.93143EPSS
In wildExploits9References8
Positive Technologies
Positive Technologies
added 2016/06/03 12:0 a.m.6 views

PT-2016-3363

Name of the Vulnerable Software and Affected Versions Apache Shiro versions prior to 1.2.5 Description The issue is related to the "remember me" feature in Apache Shiro, where the lack of a configured cipher key allows remote attackers to execute arbitrary code or bypass intended access...

9.8CVSS7.5AI score0.93143EPSS
Exploits9References35
Rows per page
Query Builder